creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve failed with XFS

Can be found on Bionic 4.15.0-159-generic as well.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1950239

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

From the LTP creat09 test comment:

 * This fix is incomplete if file is on xfs filesystem.
 *
 * Fixed in:
 *
 * commit 01ea173e103edd5ec41acec65b9261b87e123fc2
 * Author: Christoph Hellwig <email address hidden>
 * Date: Fri Jan 22 16:48:18 2021 -0800
 *
 * xfs: fix up non-directory creation in SGID directories

We need to fix this in all our affected kernels.
Cascardo.

Found also on 2021.11.08/bionic/linux-azure-fips/4.15.0-2039.43

Found also on 2021.11.08/focal/linux-azure/5.4.0-1064.67

This will require a backport for older kernels as xfs_ialloc was renamed to xfs_init_new_inode. I am working on it.

Cascardo.

There is the in-disk inode structure that makes it complicated to backport the fix. Eventually, we would need something like the commit below in older releases.

542951592c99ff7b15c050954c051dd6dd6c0f97 ("xfs: remove the icdinode di_uid/di_gid members")

Alternatively, just making sure values match might be fine as on this commit.

3d8f2821502d0b60bac2789d0bea951fda61de0c ("xfs: ensure that the inode uid/gid match values match the icdinode ones")

Found on hirsute:linux-aws 5.11.0-1022.23

This bug is awaiting verification that the linux-oem-5.10/5.10.0-1052.54 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Works fine on 5.10.0-1052-oem.

Cascardo.

This bug is awaiting verification that the linux/5.11.0-42.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Passed with Hirsute 5.11.0-42.46

This bug was fixed in the package linux-oem-5.10 - 5.10.0-1052.54

---------------
linux-oem-5.10 (5.10.0-1052.54) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1052.54 -proposed tracker (LP: #1949843)

  * creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
    failed with XFS (LP: #1950239)
    - xfs: fix up non-directory creation in SGID directories

  * Let NVMe with HMB use native power control again (LP: #1950042)
    - nvme-pci: use attribute group for cmb sysfs
    - nvme-pci: cmb sysfs: one file, one value
    - nvme-pci: disable hmb on idle suspend
    - nvme: allow user toggling hmb usage

  * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

 -- Chia-Lin Kao (AceLan) <email address hidden> Tue, 23 Nov 2021 15:29:37 +0800

This bug is awaiting verification that the linux/4.15.0-165.173 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Verified with B-AWS, 4.15.0-1117.124, test passed.

focal/linux-ibm has not been updated to the latest focal/master-next version (5.4.0-92.103), which has the fix.

Cascardo.

Found on B-ibm-gt-5.4 (failing with ubuntu_ltp_cve/cve-2018-13405), version 5.4.0-1003.3.

(I accidentally removed the linux-ibm package from this bug report)

Spotted on T-AWS-4.4 4.4.0-1098.103

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

  * bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

  * Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
    - SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

  * bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

  * Support builtin revoked certificates (LP: #1932029)
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
    - SAUCE: integrity: add informational messages when revoking certs

  * CVE-2021-4002
    - arm64: tlb: Provide forward declaration of tlb_flush() before including
      tlb.h
    - mm: mmu_notifier fix for tlb_end_vma
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

linux (4.15.0-164.172) bionic; urgency=medium

  * bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * Bionic update: upstream stable patchset 2021-11-23 (LP: #1951997)
    - btrfs: always wait on ordered extents at fsync time
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - NIOS2: irqflags: rename a redefined register name
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - ocfs2: fix data corruption after conversio...

This bug was fixed in the package linux - 5.4.0-92.103

---------------
linux (5.4.0-92.103) focal; urgency=medium

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffe...

This bug was fixed in the package linux-ibm - 5.4.0-1010.11

---------------
linux-ibm (5.4.0-1010.11) focal; urgency=medium

  * focal/linux-ibm: 5.4.0-1010.11 -proposed tracker (LP: #1952302)

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] ibm: Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Support builtin revoked certificates (LP: #1932029)
    - [Config] ibm: Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  [ Ubuntu: 5.4.0-92.103 ]

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)
  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches
  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init
  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port1...

This bug was fixed in the package linux - 5.11.0-44.48

---------------
linux (5.11.0-44.48) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)

  * Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

linux (5.11.0-42.46) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

  * Hirsute update: upstream stable patchset 2021-11-24 (LP: #1952136)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - io_uring: kill fasync
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    - ALSA: hda/realtek: Add quirk for Clevo X170KM-G
    - ALSA: hda/realtek - ALC236 headset MIC recording issue
    - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1
    - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
    - s390: fix strrchr() implementation
    - clk: socfpga: agilex: fix duplicate s2f_user0_clk
    - csky: don't let si...

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.